‘Flame’ Writers Issue Self-destructing Command for Eliminating the Malware

According to researchers at the security company Symantec, the creators of the Flame malware are understood to have dispatched a command that makes the malware self-destruct, because of the widespread hype around Flame and its attacks.

Symantec states that Flame contains a built-in component known as SUICIDE, which is used for uninstalling the malware from infected PCs. Nonetheless, during the last week of May 2012, the authors of Flame began distributing a different self-destruct component to infected PCs that were still connecting to servers under the authors' control, Symantec's security response group disclosed.

The researchers captured the command in question, named "urgent suicide," via honeypots; on a normal system the malware would have been removed without the user's awareness.

The self-destruct component, known as browse32.ocx, had its latest version developed on May 9, 2012, Symantec adds.

Its researchers say it is unknown why Flame's creators chose not to use SUICIDE for the self-destruction and instead had the malware carry out distinct tasks via a new module. Symantec.com reported this on June 6, 2012.

Meanwhile, although the SUICIDE functionality and the new self-destruct module are similar in their ability to remove numerous files related to Flame, the latter goes a step further.

Symantec states that the Flame uninstaller goes about its task by deleting a number of folders and files. In fact, over 4 folders and 160 files are marked for deletion, after which the uninstaller component overwrites the computer's hard disk with random characters.

Also, the security company observes that the uninstaller ensures that no trace of its presence is left behind, so as to foil any attempt to capture the malware.

Furthermore, according to Symantec, the Flame attackers retained control of the domain registrations they used, so they could move to a new hosting service to back those domains.

Meanwhile, Costin Raiu, Security Researcher at Kaspersky Labs, posted on twitter.com that there was one prominent loophole within the new module, and that he did not know whether anybody else had discovered it too. Zdnet.com.au published this on June 7, 2012.

» SPAMfighter News - 18-06-2012